US Government Behind Flame Virus According to Expert [VIDEO]

"Obama needs to stop cyber espionage now"

The US government was the creator of one of the most complex computer viruses in history, called Flame, according to F-Secure's Mikko Hypponen, and he is planning on writing to Barack Obama to plead that his government stop its cyber sabotage program.

Speaking to IBTimes UK at F-Secure's security lab in Helsinki, Hypponen, the company's security chief, said that while no one has admitted to creating Flame, all the evidence points to the fact that a covert US government intelligence agency is behind it.

"We now know that Flame is coming from the US government," Hypponen said. He admits there is no definitive proof of this, but all the evidence available points to it coming from the US government. "Occam's Razor tells us it was the US government."

Last week a book called Confront and Conceal by David Sanger was published which claims that Stuxnet, another cyber espionage tool, was created jointly by the US and Israeli governments to attack Iran's Natanz nuclear facility.

It was then discovered by experts at Kaspersky Lab this week that the creators of Flame and Stuxnet collaborated at some point, as an encrypted piece of code found in a 2009 version of Stuxnet bore a striking resemblance to one of the modules found in Flame.

Flame was discovered two weeks ago having gone undiscovered for at least two years, thanks to the sophistication of the software involved.

Flame has been described by security experts as one of the most complex pieces of malware ever discovered and allowed those who created it to search for and upload documents and files on a remote computer, watch and listen to what's taking place around the infected PC by turning on the camera or microphone, and even copy the address book from mobile phone within range of the computer.

Flame was discovered to be infecting computers in the Middle East, in countries such as Iran, Isreal and Sudan, with the majority of infected computers, according to Kaspersky's data, being in Iran.

While it is still unknown how Flame is initially introduced to a computer network, once inside it used a revolutionary new way of spreading to computers on the same network.

According to Hypponen, the people behind Flame were able to create fake Microsoft digital certificates, which tricked the computers into thinking they were receiving official Microsoft Windows updates.

Windows Root certificates are among the most valuable digital certificates in the world, or the "crown jewels" according to Hypponen.

Super Computer

In order to crack these certificates, the creators had to spend a huge amount of time and money to come up with a new method to generate them, called a collision hash, which required highly advanced cryptography, never seen before. "Science like this does not come from this air," Hypponen said.

However, even after they created this new way of generating the digital certificates, they would also have needed huge computing power, which Hypponen believes could only be done using a super-computer, of the type available at the National Security Agency (NSA) headquarters in Maryland.

Hypponen believes that making Microsoft digital certificates untrustworthy in the eyes of some of the 900 million Windows users around the globe is a very serious and worrying move.

If the US government did direct one of its intelligence agencies to attack an American company of the reputation and size of Microsoft, it would mark a major turning point in cyber espionage activity.

Hypponen told IBTimes UK that he was planning on writing an open letter to Barack Obama this week to say: "Stop taking away the trust from the most important system we have, which is Microsoft Windows Updates."

Cyber War

While many have called Flame the first act in a cyber war, Hypponen believes to call what is happening now a war is incorrect. "I don't think we have seen cyber war yet. How can you have a cyber war without a real war? What are we then going to call it when there is a real war?"

Hypponen prefers to call what is happening now cyber espionage or cyber sabotage, and he says that is it "happening all the time." The United States is not the only company in the world carrying out cyber espionage with both Germany and Denmark in Europe confirming in the last week that they are actively participating in cyber espionage.

Hypponen believes that almost all governments are participating in some form of cyber espionage to a greater or lesser degree and targeted, state-sponsored attacks has been happening for almost a decade and it is not going to change any time soon.

"Information used to be physical, but now it is digital. That is why espionage has gone online and will continue to be online," Hypponen said.

Flame, Stuxnet and Duqu all had very specific purposes and targets and were designed not to be found, which is why they went undetected for so long. F-Secure said that its system did not pick up one recorded infection by Flame in a customer's system, which highlights that this piece of malware was not designed to harm the general consumer.

Malware which infects you PC at home and tries to steal credit card information or encrypts all your information is full of bugs and is relatively easy to spot for F-Secure's automated tracking system.

However, Hypponen admits his company's anti-virus software and tracking system are useless against a threat like Flame, calling it the James Bond of the malware world. "We cannot protect you against this guy. We can try, we do our best, but if he wants to kill you then he will."

Asked about Flame's ability to go undetected by F-Secure and the rest of the security industry for so long, Hypponen said: "That is a failure. We want to protect them [customers] from the beginning, but we failed."

Considering how long Flame, and Stuxnet before it went undetected, it is very possible that another similar cyber threat is out there but has yet to be detected. "It is highly likely something else is out there," Hypponen said.